This Android app with over 50,000 installs steals your files and microphone recordings — what to do

News
By published

The iRecorder – Screen Recorder app was caught sucking up private data

A picture depicting how banking trojans steal credit card data
(Image credit: Shutterstock)

An Android app downloaded onto more than 50,000 devices has been found to be harboring data-stealing malware.

Security researchers at ESET discovered that the iRecorder – Screen Recorder app available on Google Play had malicious functionality that let it extract data from a user’s Android device. This data could include microphone recordings and files with specific extensions. 

That latter part is noteworthy — according to ESET’s WE Live Security blog, that could be an indication that the trojanized app was being used as part of an espionage campaign. 

When the app was first uploaded on the Play Store in September 2021, it didn’t appear to have any malware or trojans lurking beneath its digital skin; this is likely why it managed to bypass Google’s app store security measure. But ESET said it appeared to become trojanized via an update a few months later, and from there the app was able to carry out its malicious behavior using the AhMyth-based malware that ESET named AhRat. 

“It appears that malicious functionality was later implemented, most likely in version 1.3.8, which was made available in August 2022,” wrote ESET malware analyst Lukas Stefanko. 

While tens of thousands of Android devices have been infected by AhRat, it's not been detected by ESET anywhere else. So you can breathe a sigh of relief that this isn't likely to be massively widespread malware. 

Avoid the iRecorder – Screen Recorder app  

The iRecorder – Screen Recorder app has been pulled from the Play Store by Google so isn’t set to cause any more problems on that platform now. 

But the app could still be available on unofficial Android app stores and markets. If you happen to frequent such places, you’ll want to avoid the iRecorder – Screen Recorder app. 

If you’ve been using the app, we suggest you immediately remove it from your phone. (Here's a refresher on how to delete apps on Android.) As for any exfiltrated data, we’re afraid that there’s not much that can be done now as that data has likely been extracted to a remote server. For a bit of security hygiene, it might be best to reset your passwords and double-check app permissions. 

And do make sure to have one of the best Android antivirus apps on your Android devices to help keep malware at bay. 

More from Tom's Guide

See more Phones News
TOPICS
Roland Moore-Colyer
Roland Moore-Colyer

Roland Moore-Colyer a Managing Editor at Tom’s Guide with a focus on news, features and opinion articles. He often writes about gaming, phones, laptops and other bits of hardware; he’s also got an interest in cars. When not at his desk Roland can be found wandering around London, often with a look of curiosity on his face. 

Read more
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Google Play logo on an android smartphone with corner hole punch camera
At least 5 North Korean spy apps have been found on Google Play — what you need to know
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
DeepSeek logo on smartphone in front of merging US and Chinese flags
DeepSeek’s app contains serious privacy and security vulnerabilities that you should know about
Mobile malware
New malware uses infected VPN apps to take over your device — here's how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in Android Phones
Samsung Galaxy S25 Edge next to Galaxy S25 Plus
Samsung Galaxy S25 Edge vs. Galaxy S25 Plus: Everything we know so far
Samsung Galaxy S25 Ultra vs S25 Plus vs S25
Satellite messaging on Google Pixel 9 and Samsung Galaxy S25 just landed on 3 more carriers
back of Iris Pixel 9a
The Google Pixel 9a is lacking one of the Pixel 9’s best safety features — here’s what we know
vivo x200 ultra camera array
Vivo’s next premium phone could have a camera unlike anything we’ve seen before — here’s how
Google Pixel 9a with thumbs up and thumbs down icons
Google Pixel 9a — 5 reasons to buy and 3 reasons to skip
Pixel 9 Pro XL held in the hand with price drop badge.
Not a typo! This epic deal makes the flagship Pixel 9 Pro XL the same price as the budget Pixel 9a
Latest in News
Apple Watch Series 10
Future Apple Watch models could get a surprising new feature — what we know
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
NYTimes Connections
NYT Connections today hints and answers — Sunday, March 23 (#651)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #385 (Sunday, March 23 2025)
More about android phones
Samsung Galaxy S25 Edge next to Galaxy S25 Plus

Samsung Galaxy S25 Edge vs. Galaxy S25 Plus: Everything we know so far
Samsung Galaxy S25 Ultra vs S25 Plus vs S25

Satellite messaging on Google Pixel 9 and Samsung Galaxy S25 just landed on 3 more carriers
Apple Watch Series 10

Future Apple Watch models could get a surprising new feature — what we know
See more latest